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DECLARATION OF FRANCES A. SCARDINO UNDER 37 C.F.R. § 1.68 

I, FRANCES A. SCARDINO, hereby declare under penalty of perjury as follows: 

1 . I am the Assistant at the Century City office of Steptoe & Johnson LLP. I have 
been an employee of Steptoe & Johnson for approximately two and a half (2 1/2) years. 

2. At the direction of Andrew Chen and by way of certified mail, I forwarded the 
Specification as filed, Assignment and Declaration to inventors, Hyon C. Im (hereinafter "Im") 
and Wesley A. Park (hereinafter "Park") dated December 3, 2009 requesting their signature on 
the Declaration. See Exhibit A. 

3. A complete Declaration including all averments and identifying information was 
sent to Im and Park. 

4. On December 9, 2009, 1 received a Return Postcard with Im's signature indicating 
that he had received the documentation forwarded on December 3, 2009. See Exhibit B. 

5. On December 1 5, 2009, 1 received a Return Postcard with Park's signature 
indicating that he had received the documentation forwarded on December 3, 2009. See 
Exhibit C. 
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Declaration of Frances A. Scardino 

6. As of the date of this Declaration, despite my diligent efforts, I have not received 
the executed Declaration from either Im or Park. 

All statements made herein of my own knowledge are true and all statements made on 
information and belief are believed to be true. These statements were made with the knowledge 
that willful false statements and the like are punishable by fine or imprisonment, or both, under 
Section 1001 of Title 18 of the United States Code, and willful, false statements may jeopardize 
the validity of the application or any patent issuing thereon. 

Executed on January 14, 2010, at Los Angeles, California. 





Frances A. Scardino 

Steptoe & Johnson llp 

2121 Avenue of the Stars 
Suite 2800 

Los Angeles, CA 90067 
Tel 310.734.3200 
Fax 310.734.3300 
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December 3, 2009 



Via Certified Mail 

Confirmation of Receipt Requested 

Mr. Hyon C. Im 

5019 Hillswick Drive 

Sugar Land, Texas 77479-3930 



Re: U.S. Patent Application No. 10/033,716 
Filed: December 27, 2001 

Title: REMOTE ACCESS VERIFICATION ENVIRONMENT 

SYSTEM AND METHOD 

Based on: U.S. Provisional Patent Application No. 60/145,068, filed 07/09/1999 
U.S. Utility Patent Application No. 09/612,476, filed 07/07/2000; and 
U.S. Utility Patent Application No. 09/854,438, dated May 11, 2001 

Inventors: Anthony Fontaine, Hyon (John) Im, Wesley A. Park 

Owner: Bally Gaming, Inc. 

Our Ref: 83336.0559 



Dear Mr. Im: 



Pursuant to our letters of May 26, 2009 and June 23, 2009, we are currently seeking to have you 
execute a declaration for the U.S. Patent Office, confirming that you are indeed an inventor of the 
above-referenced applications. 

On December 27, 2001, we filed the above-identified patent application, which was based on the 
three referenced prior applications listed above. At the time the application was filed, we forwarded the 
enclosed patent application and declaration for your execution to your former employer, Vasco Data 
Security International in Oak Park Terrace, IL. 
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Mr. Hyon C. Im 
December 3, 2009 
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We were informed by Vasco that you were no longer employed with them, and, as such, we do 
not believe you ever received a copy of the application, or were able to execute the enclosed 
Declaration, indicating that you were one of the inventor listed on these applications. 

Please find enclosed a copy of the patent application that was filed on December 27, 2001 and a 
Declaration for your execution and return, which, when received, will be filed with the U.S. Patent and 
Trademark Office. 

We have also enclosed a revised assignment of the patent application to Bally Gaming, Inc. for 
your execution and return. The new assignment covers any reasonable compensation for your time and 
out-of-pocket expenses (subject to prior written approval by Bally) that you may incur in connection 
with being a witness or providing testimony in any court or legal proceeding involving the inventions 
disclosed in the above-reference applications. 

We appreciate your assistance. If you should have any questions, please do not hesitate to 
contact me. As we stated above, we are attorneys for Bally Gaming, Inc. and do not represent you or 
your former employer, Vasco. As such, it is recommended that you to contact independent counsel 
should have any questions regarding this matter. 



Sincerely, 




Andrew B. Chen 
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5 RELATED APPLICATION 

This application is claiming the benefit of patent application serial no. 
09/854,438 filed on May 1 1 , 2001 , which is a continuation of patent application 
serial no. 09/612,476 filed on July 7, 2000, and provisional application serial 
N 10 no. 60/1 45,068 filed on July 9, 1 999. 

5 BACKGROUND OF THE INVFNTIOM 

This invention relates generally to improvements in remote access 
verification systems and, more particularly, to a remote access verification 
environment system and method for enabling remote access to an application 
server, wherein a user's location and/or jurisdiction needs to be verified for 
enabling processing of a transaction requiring such user location verification. 

A portion of the disclosure of this patent document contains material which 
20 is subject to copyright protection. The copyright owner has no objection to the 
facsimile reproduction by anyone of the patent document or the patent disclosure, 
as it appears in the Patent and Trademark Office patent file or records, but 
otherwise reserves all copyright rights whatsoever. 

25 Description of the Related Art 

The present invention is directed to verification of geographic location for 
enabling remote access to an application server, and is particularly applicable to 
transactions requiring user location verification, such as gambling transactions, 
30 wherein processing gambling information for the purposes of wagering is 
restricted to venues where it is allowable by law. 
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Gambling transactions, in some form, are currently legal in 48 states in the 
United States and in many foreign countries. In order to insure consumer 
protection, gambling is highly regulated by the jurisdiction in which the activity 
5 occurs. Each jurisdiction sets its own standards for regulation including, for 
example, what games may be played, what the payouts must be, and consumers' 
recourse for the redress of grievances. Typically, gambling regulations will differ 
^ from jurisdiction to jurisdiction depending upon the social perspective on 
gambling in that jurisdiction. In the past, the enforcement of these regulations has 
y 1 0 been facilitated due to the nature of the activity, in that physical presence at the 
«J activity confirmed that the activity was performed within the authorized 
JJ jurisdictional boundaries. 

ni The concept of telephone wagering, e.g., consisting of betting from remote 

-q 1 5 locations removed the requirement of physical presence at the gambling location 
p and, thus, enabled a wagerer to place a bet from a remote location through a 
telephone without actually being physically present in the jurisdiction. In this 
regard, Federal legislation known as the Wire Act has now made it illegal to use 
a wire for the interstate transmission of wagering information. 

20 

However, with the advent of the Internet as a medium for the placing of 
bets or wagers, the applicability of the Wire Act to the Internet has been at issue. 
Proponents of the Internet gaming argued that the Internet was not a wire 
medium and therefore the law was not applicable to their activity. Furthermore, 
25 since most of the Internet gambling sites are currently located offshore and not 
within United States jurisdiction, proponents have argued that if the activity is legal 
in their jurisdiction, they are not in violation of United States laws. 
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Legislation has been introduced to specifically cover use of the Internet for 
wagering purposes, including the Internet Gambling Prohibition Act. Although 
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this act is described as a prohibition against the use of the Internet for gambling 
purposes, there are specific exemptions for industries using specific technology. 
Under this act, industries such as horse racing and state lotteries may employ a 
technology defined as Closed-Loop Subscriber-Based Service for the purpose of 
wagering, provided that the service can verify that the person is physically located 
in a state where the activity is legal. 

Therefore, those concerned with the development and use of improved 
remote access verification systems, methods, and the like have long recognized 
the need for improved systems and methods for determining and verifying a 
user's geographic location for enabling access to the processing of transactions 
y. requiring such user location verification 

m 



SUMMARY OF THE INVENTION 

Briefly, and in general terms, the present invention provides a new and 
improved system and method for authenticating the geographic location of a user, 
identifying the user, and permitting the user to access an application server for 
transaction processing in an efficient, effective, and secure manner. 

By way of example, and not by way of limitation, the present invention 
provides a remote access verification environment system and method for 
enabling verification of remote access to an application server upon authentication 
of a location from which a user has sought access. The system is adapted to 
authenticate the user location to determine whether the user's location is an 
authorized location for enabling access to the application server. 



30 



More particularly, the present invention may include a client for enabling 
the user to request remote access to the application server, an access server for 
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receiving and processing a request for access to the application server from the 
client, adapted to be located remote from the user's location, an authenticating 
server for authenticating the location of the user responsive to receipt of the 
processed request from the access server, adapted to be connected to the access 
server, and a network for interconnecting the client, the access server, the 
authenticating server, and the application server. The client may include an 
identifier associated with the user's location, such as a cookie, or a dynamic 
cookie, and the authenticating server may be adapted to authenticate the client 
location identifier. The client may further include a dialer located at the user's 
location, with a number associated with the dialer, and the authenticating server 
may comprise a Remote Access Dial-In User Service (RADIUS) server. The 
RADIUS server can include a system for authenticating the dialer number, which 
may be accomplished via Automatic Number Identification (ANI) system, and a 
system for identifying the first number from which the user has dialed, which may 
be accomplished via a Dialed Number Identification Services (DNIS) system. The 
authenticating server may also include a database of authorized locations, for 
enabling verification of the location of the user as an authorized user location. 
The network may comprise an intranet, it may include a local area network, or 
alternatively, it may comprise the Internet. 



The system, in accordance with the present invention, may also include a 
system for determining the identity of the user, which may comprise a challenge 
and response system, wherein the authenticating server may issue a security 
challenge to the client, and the client may interrogate the security challenge, 
generate a response, and send the response to the authenticating server. The 
present invention may further include a system for insuring the user's presence 
at the location from which the request has been sent, which may consist of a card, 
e.g., a Smart Card, for identifying the user, and a reader for reading the card and 
forwarding the information to the authenticating server. The user may access the 
client at a location remote from the application server, for example from the user's 
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home, office, or kiosk. The client may further include a communications port, a 
facility for the loading of software such as a disk drive, compact disk drive, or a 
communications port, a storage area for a geographic identifier, software that 
controls the communications port, a processing unit to interpret the 
5 communications, and output device such as a video display or television for 
communications output, and an input device such as a keyboard, mouse, touch 
screen, or voice recognition for communications input. 



y. In accordance with the present invention, the user may establish contact 

5 10 with the application server directly through a proprietary or private network, or 
jjj indirectly through the Internet or a virtual private network, through enabled proxy 
2 and Web servers. Once a link between the user's client and an authenticating 
m server has been effected, the server may query the client processing unit for 
information regarding the controller for the communications port. The processing 
Jy 15 unit may relay the geographic identification information contained in the 
J communications controller to the authenticating server. During this process, the 
user may receive messages from the authenticating server that will be displayed 
on the output device. The user may be prompted to supply additional user 
information that may be entered through the input device. The user's geographic 
20 location identifier, as well as other pertinent information may be stored in a user 
account database. Successful logon to the authenticating server may activate the 
user's account, and may become available for tracking by the authentication- 
enabled application. Upon disconnection of the user, the account may be 
deactivated, whereupon all session specific information may be removed from the 
25 user's record. In addition, unsuccessful logon attempts may be reported, logged, 
and the user disconnected, thereby refusing access to the application server. 



Therefore, an advantage of the present invention is that it includes a 
system for securely and effectively verifying the location of a user requesting 
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access to an application server, for enabling the secure and effective processing 
of a transaction requiring user location verification. 

A further advantage is that the present invention provides efficient and 
effective systems for insuring the user's presence at the location from which 
access is requested, to enable effective and efficient authentication. 

These and other objects and advantages of the invention will become 
apparent from the following more detailed description, when taken in conjunction 
with the accompanying drawings of illustrative embodiments. 
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BRIEF DES CRIPTION OF THE DRAWINGS 



FIGURE 1 is a schematic diagram of a remote access verification system 
in accordance with the present invention; 

FIG. 2 is a block diagram illustrating a client system for communicating with 
an application server, in accordance with the invention; 

FIG. 3 is a block diagram of a system for communicating between a client 
and a remote Web server, in the practice of the present invention; 

FIG. 4 is a block diagram showing a security system for an Internet Service 
Provider Web server, in the practice of the invention; 

FIG. 5 is a block diagram of a system for enabling a client to access a 
remote Web server, in accordance with the present invention; 

FIG. 6 is a block diagram of a client security authenticating system, in the 
practice of the invention; and 

FIG. 7 is a block diagram of a client geographic verification system, in 
accordance with the invention. 
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DETAILED DESCRIPTIOJ^OFJHEPREFERRED EMBODIMFMT.9 



a 
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The present invention is directed to a remote access verification 
environment system and method, for enabling remote access to an application 
server, upon authentication as an authorized remote location from which a user 
has sought such access to the application server and for enabling access to the 
application server for the processing of a transaction requiring such user location 
authentication. The improved system and method of the present invention 
provides efficient, effective, and secure verification of the location of the remote 
access request for enabling access to the application server. The preferred 
embodiments of the improved system and method are illustrated and described 
herein by way of example only and not by way of limitation. 

Referring now to the drawings, wherein like reference numerals denote like 
or corresponding parts throughout the drawing figures, and particularly to FIGS. 
1-7, and more particularly to FIG. 1, a system 10 is utilized for enabling 
verification of a location 12 from which a user may be requesting remote access 
to an application server 14. The system 10 includes at least one user request 
enabling device 1 6 for enabling a user to request remote access to the application 
20 server 1 4, which user request enabling device 1 6 is adapted to be located at the 
user's location 12. The system 10 also includes at least one access server 18, 
for receiving and processing a request for access to the application server 14 from 
the user request enabling device 16, which access server 18 is adapted to be 
located remote from the user's location 12. It further includes an authenticating 
25 server 20 for authenticating the location 1 2 of the user in response to receipt of 
the processed request from the access server 18, adapted to be connected to the 
authentication server 20. It also includes a network 22, for interconnecting the 
user request enabling device 16, the access server 18, and the authenticating 
server 20. 



9 Docket No. 10407/559 

The user request enabling device 16 may comprise, for example, an 
interface station or a client, such as, for example, a personal computer based 
system capable of running a browser and connecting to a remote computer, a 
hand held device, (such as a personal digital assistant and the like ) a set top box 
5 connected to a television, or application specific devices incorporating a 
communication medium to a remote server, a display, and an input device. It may 
also include an identifier associated with the user's location 12, such as, for 
example, a cookie, and may include a dialer, such as for example a telephone 
dialer, located at the user's location 12. The dialer may include a number 
1 0 associated therewith, such as, for example, a telephone number. Where the user 
request enabling device 16 comprises a client 16, for example, it may include a 
dialer which may be used in conjunction with a dialing system which includes a 
plurality of numbers, each number associated with one of a plurality of dialers 
adapted to enable dialing therefrom, and each associated with a different user 
15 location. The dialing system may comprise, for example, a telephone system, 
which may include assigned telephone numbers. In such a system, the 
authenticating server 20 may comprise , by way of example, a Remote Access 
Dial-In User Service (RADIUS) server, or another server which includes dial up 
user validation software adapted to validate a user by comparing logon name, 
20 password, and the like, with jurisdictional values in a database or table. 

In such a dialing system, the authenticating server 20 may include a 
system for identifying the number associated with the dialer located at the user's 
location 12, which system may comprise, for example, Automatic Number 

25 Identification (ANI) service, a Calling Party Number (CNID) service provided by 
a local central office that identifies the originating telephone number of the user, 
or an Internet protocol address associated with a service provider for cable, digital 
subscriber line, satellite networks, and the like. Further, in such a dialing system, 
the authenticating server 20 may include a system for identifying the first number 

30 from which the user has dialed, to prevent a user from attempting to circumvent 
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the system 1 0, e.g., by activating the dialer at the user location 1 2 from a location 
other than the user location 12, Such a first number identifying system may 
comprise, by way of example only, Dialed Number Identification Services (DNIS). 

i The authenticating server 20 in the system 10 may further include a 

database of authorized locations, for enabling verification of the location of the 
user as an authorized location. It may further include a system for determining 
the identity of the user, which may comprise a challenge and response system, 
such as, for example, software providing challenge/response authentication, or 
software supporting a public key infrastructure. In the challenge and response 
system, the authenticating server 20 may issue a security challenge to the user 
request enabling device 16 to verify the identity of the user. The security 
challenge may be issued by the authenticating server 20 in the form of a token. 
The client 16 may then interrogate the security challenge, generate a response, 
and transmit the response to the authenticating server 20. In such a system, the 
authenticating server 20 may include a database for enabling verification of the 
response of the client 16 to the security challenge, and for enabling authorization 
of access to the application server 14. 

In accordance with the present invention, the network 22 may comprise, for 
example, an intranet which may include at least one local area network, adapted 
to interconnect at least one of the clients 16 and an access server 18, or a private 
network which may employ a public communications infrastructure, a cable 
network, a satellite network, or the like. The network 22 may alternatively 
comprise, for example, the Internet, for interconnecting the client and the servers 
in the system 10. 



30 



The system 10, in accordance with the present invention, may further 
include a system for insuring the user's presence at the user location 12, which 
may comprise a card for identifying the user, and a reader for reading the user 
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identifying card, adapted to be connected to the client 16 at the user location 12. 
The card for example may comprise a magnetic stripe card, or a hand held 
hardware based token, used to verify both the user and the user's actual physical 
presence, which may employ an encrypted value in a processor that relates the 
card to a user, or a mechanism for recording the user's identity by storing the 
user's finger-print on the card itself. The card may alternatively comprise a soft 
token constituting software that provides attributes of a hard token without the 
physical device, which may be activated through a keyboard or by voice or mouse 
input. The reader, for example, may be a device connected directly to a computer 
by a serial, parallel or infrared connection, or incorporated into a client without 
requiring external wiring or communications, or software for use with a soft token. 
Furthermore, a time out feature may be employed, in accordance with the presort 
invention, to insure that the user is actually physically present at the user location 
12. In other words, the user can be prompted to insert his card at a particular 
time. Failure to do so will terminate the session as the system 10 will interpret 
such failure to insert/respond as the user not being physically present at the user 
location 12. 



The system 10 may also include a firewall 24 for security verification and 
authentication of all data seeking to pass therethrough, and a switch 26 for 
switching between the access servers 18, and the authenticating server 20 and 
application server 14. The firewall 24 may comprise, for example, a software 
based firewall employing packet filtering technologies, or a hardware based 
hardened firewall, or the like. 



An exemplary client 16, in accordance with the present invention, is shown 
in FIG. 2 for communicating with an application server 14 which may be Web 
based. The client 16 may include, for example, a microprocessor 28 for 
controlling input/output, communications, and software operations, a video display 
30 for viewing output communications sent from the application server 14, and a 
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Web browser 32 or other suitable software for providing page layout display 
functions for the display 30. The client 16 may further include a keyboard 34 or 
other device for sending input communications to the application server 14, a 
geographic identifier 36, comprising a software program containing information 
5 regarding the geographic location and session identifier of the user, residing in 
storage, which may be in the form of a cookie dynamically created for each 
session, and a browser plug-in 38 comprising a software program for enabling the 
browser 32 to query the geographic identifier 36 residing in storage. The client 
16 may also include a security software module 40 comprising a software 
0 program for user authentication based on hardware or software tokens residing 
in storage, and communications ports 42, for communicating with the remote 
application server 14, or for communicating with local hardware devices for 
software loading and security token communications with the security software 
module 40, which for dial-up communications includes a dialer for controlling the 
5 communications ports. The client 16 may still further include a device 44 for 
loading software or performing hardware scanning of authorization tokens, and 
the network 22 comprises the physical or virtual communications link to the 
remote application server 14. 



In the present invention, the client 16 may comprise a personal computer, 
which may include the microprocessor 28, the video display 30, the Web browser 
32, the keyboard 34, and the communications ports 42. The software, comprising 
the geographic identifier 36, the browser plug-in 38, and the security software 
module 40, may be obtained by the user on media loaded directly from the 
loading device 44, or through software downloaded from a remote server, 
accessed through the network 22 through the communications port 42 and 
installed to program in memory. 

For dial-up communications, in accordance with the present invention, the 
geographic identifier 36 may include the dial-up phone number of an Internet 
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Service Provider (ISP), which may include country code, area code, prefix, and 
number, as is appropriate by each country. The geographic identifier 36 may be 
in the form of a cookie, resident in memory, and established upon dial-up. The 
cookie may also contain session identification for the connection to a Web server. 
The value of the geographic identifier 36 in the cookie may be determined by the 
value used in the dialer. While the typically may only is capable of utilizing the 
local portion dial-up value to establish communications. As such, this requires 
that the user be within the local calling area of the ISP, thereby determining the 
geographic location of the client 16 to be within a certain local calling area. For 
cable and other communication techniques, the value in the geographic identifier 
36 is input prior to the software download, which value may include the Internet 
Protocol (IP) address of the ISP as well as the local support number of the ISP. 
The geographic identifier 36 may alternatively utilize a Geographic Positioning 
System (GPS) for removing reliance on user input and for removing any ambiguity 
regarding the exact location of the client 16. 

An example of a communications system, in accordance with the present 
invention, for communications between the client 16 and a remote Web server 
through an ISP 46, is illustrated in FIG. 3. The network 22 which comprises a 
communications medium may, for example, be a direct dial-up connection through 
telephone technologies, a cable connection, a satellite connection, or the like. 
Once the physical connection has been established, the ISP will open a Point-to- 
Point Protocol (PPP) connection to enable communications with the client 16 
through Transmission Control Protocol/IP (TCP/IP). The ISP 46 may then assign 
a virtual port number and IP address 48 to the client 16. These numbers are then 
used to route information from the Internet 50 to the client 16. When the client 1 6 
requests communication with a Web server 52 on the Internet 50, the ISP assigns 
an actual IP address and port number 48 for that particular communication with 
the Web server 52. Once assigned, the ISP 46 routes the communication to the 
appropriate IP address of the Web server 52. The ISP 46 tracks the relationship 
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of the virtual address to the actual IP address and port number 48 used to 
communicate with the Web server 52. The ISP 46 dynamically assigns a different 
actual IP address and port number 48 for each communication with the Web 
server 52. Each session between the client 16 and the Web server 52 consists 
of may communications. The ISP 46 dynamically resolves all virtual and actual 
IP addresses and port numbers 48 to insure communications between the client 
16 and the Web server 52. Once the communications have been established 
between the ISP 46 and the client 16, a graphical user interface application or 
browser 32 is launched. The browser 32 may be proprietary to the ISP 46, or may 
be commercially available, for example Netscape Navigator, Netscape 
Communication, Microsoft Explorer, or the like. 



An exemplary of a security system, in accordance with the present 
invention, for providing a security function of verifying geographic identity upon 
access to the ISP 46, is shown in FIG. 4. The ISP 46 may reside on a private 
network and can communicate directly with the remote Web server 52. The client 
16 connects to the ISP 46 through the Web server 52. The access server 18 
captures relevant information regarding the geographic location of the client 16, 
which information may comprise ANI and DNIS. These values are interpreted by 
the RADIUS server 20. The RADIUS server 20 validates the user, and issues a 
challenge including a security token to the client 16. The client 16 interrogates the 
security token and receives a response which is then transmitted to the ISP 46. 
The RADIUS server 20 verifies the response based on values in a user accounts 
database 54. Upon successful verification, the RADIUS server 20 authorizes 
access to the ISP Web server 52 from the access server 18. 

Another example, in accordance with the present invention, of a process 
by which the client 16 may access the remote Web server 52, by establishing 
communications between the client 16 and the Web server 52 through the ISP 
46, is seen in FIG. 5. A proxy Web server 56 tracks communications between the 
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client 16, the ISP 46, and the Web server 52. The client 16 accesses the ISP 46, 
and the ISP 46 assigns the IP address and port number 48. The geographic 
identifier 36 may be dynamically established in the form of a dynamic cookie. The 
proxy Web server 56 accesses the user accounts database 54 and assigns the 
5 user name and a session identifier 58, which will be consistent throughout the 
user's session with the remote Web server 52, since the actual IP address and 
port number 48 may change with each messaging exchange. By attributing the 
user name and session identifier 58 to the entire session, only the first contact 
^ requires verification, rather than requiring verification with each connection as 

O 1 0 may be required without the Web proxy server 56. Once the remote Web server 

o 

y 52 has received this information, it activates the security software that will begin 

;JJ the security authentication of the client 1 6. 

M, 

^ A system for security authentication of the client 16 through the remote 

jy 15 Web server 52 is illustrated for example in FIG. 6. Once the Web server 52 has 
Z established the identity of the client 1 6 by the user name and session identifier 58, 

p it prompts the RADIUS server 20 for authentication parameters. The RADIUS 

server 20 generates a challenge including a security token to the client 16, which 
is transmitted by the Web server 52 through the Web proxy server 56 and the ISP 
20 46. The client 16 receives the challenge and queries the security token for a 
response. The client 16 then transmits the response to the ISP 46. The ISP 46 
then transmits the response to the Web proxy server 56, which may again resolve 
any mapping changes of the IP address and port number 48 to the original 
session identification of the user name and session identifier 58. The response 
25 message is then transmitted to the Web sever 52. The Web server 52 sends the 
response to the RADIUS server 20 for verification of authenticity. If authentic, the 
RADIUS server 20 informs the Web server 52 to allow the client 1 6 access to the 
Web server 52. If authentication is rejected, the RADIUS server informs the Web 
server 52 to log the unsuccessful login attempt, to issue an error message to the 
30 client 1 6, and to disconnect the user. 
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A system for geographic verification of the client 16 subsequent to the 
successful login to the Web server 52 is shown, for example, in FIGS. 2 and 7. 
Once the client 16 has completed a successful login to the Web server 52, a 
5 server application is activated to query the client for its geographic location. 
Communications between the Web server 52 and the client 16 are conducted 
through the proxy server 56 and the ISP 46. The client 16 receives the request 
through its browser 32 and activates its browser plug-in 38. The browser plug-in 
_ 38 queries the geographic identifier 36 of the client 1 6, and returns this value to 

0 10 the proxy server 56. The proxy server 56 compares this value against known 
w valid values in the user accounts database 54. If acceptable, the information is 
S| logged and the client 1 6 is passed to the application server 14. If unacceptable, 

01 the event is logged, an error message is issued to the client 16, and the 
j\ connection is disconnected. 

™ 15 

ru 

N Although one of ordinary skill in the art will appreciate that the present 

M invention has been described above for use in all areas of communication, 

wherein the geographic or jurisdictional location of a user needs to be verified, in 
one preferred embodiment, the present invention is used in a gaming environment 
20 to allow a user to place wagers from jurisdictions in which gambling is legal. In 
such an embodiment, the present invention is comprised of the following 
components providing a secure network environment for the Internet-based 
delivery of gaming contact for wagering. In accordance with the present 
invention, the system will comprise a gaming card, e.g., a Smart Card as 
25 manufactured by Schulumberger, Inc. The gaming card will contain both security 
data for identifying the user and a monetary value for placing wagers. The Smart 
Card will be read by a Smart Card reader, for example, such as those 
manufactured by Fischer, Inc. One feature of the Smart Card reader, in 
accordance with the present invention, is the timeout feature which will require the 
30 user to be physically present at the card reader in order to insert the Smart Card 
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therein at the appropriate time. In this way, the user cannot circumvent the 
system by placing the Smart Card in the reader in advance, and then dialing his 
computer from another remote location in order to seize control of the system and 
to gain access to the gaming service. 

5 

In practice, when the user desires to access the gaming system, the 
following steps are performed: 

1 . The user installs the appropriate software, on the computer, PDA, 
u, or the like . in accordance with the present invention, in order to gain 

O 10 access to the gaming system. 

W 2. An access number, supplied by the gaming system operator, is used 

ij to gain access to the gaming system network. This number will be 

m used to supply the corresponding AN I identification of the user's 

j\ telephone number and DNIS of the originally dialed number. 

J 15 3 - Upon verification of the user's jurisdictional location by the RADIUS 

\j server, the user is prompted to insert the gaming card into the card 

£ reader. At this point, if ANI is missing from the data string, the call 

will be rejected. Upon insertion of the Smart Card, a challenge is 

issued from the RADIUS server to the client. 
20 4 - At this stage, the user inputs a personal identification number which 

is used to create a response to the server's challenge. 
5. Upon validation of the challenge, the gaming system allows access 

to a desired URL through the client browser. 



In summary, in an Intranet environment for playing games, the system 
allows a user to log in and, at the first stage, the system determines the 
geographic location of the user. Thereafter, the user is authenticated for security 
purposes, and at that time, the user is able to log in to the particular application 
they are seeking to address or access. Once access to the particular application 
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is granted, additional security measures, such as PINS or other security 
techniques may be required in order to complete the log-in process. 

The present invention provides improved systems and methods for 
5 verifying the geographic location of a user, for enabling the processing of a 
transaction requiring user location verification, in a secure, effective and efficient 
manner. 



In accordance with the present invention, the improved systems and 
1 0 methods include a system which provides effective and secure authentication of 
the user location, for enabling requested access to the application server for 
transaction processing, and for efficient and effective verification of the presence 
of the user at the location from which the application server access is requested. 

15 Examples of a preferred form of source code for use in carrying out the 

above described software and firmware steps in conjunction with the hardware as 
described above, is included in the Provisional Patent Application Appendix 
attached to this application and incorporated herein. 
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It will be apparent from the foregoing that, while particular forms of the 
invention have been illustrated and described, various modifications can be made 
without departing from the spirit and scope of the invention. Accordingly, it is not 
intended that the invention be limited, except as by the appended claims. 



WHAT IS CLAIMFD IS: 
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1 - A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, the system comprising: 

an access server, for receiving and processing a request for access to the 
application server from a user request enabling means, the server adapted to be 
located remote from the user's location; 

an authenticator for authenticating the location of the user responsive to 
receipt of a processed request from the access server, the authenticator adapted 
to be connected to the access server; and 

means for interconnecting the access server and the authenticator. 

2. The system of claim 1, wherein the authenticator comprises an 
authenticating server. 

3. The system of claim 1 , wherein the authenticator includes means for 
determining the identity of the user. 

4. The system of claim 1 , further comprising means for insuring the 
user's presence at the location. 

5. The system of claim 1 , further comprising means for enabling the 
user to request remote access to the application server. 

6. The system of claim 1 , wherein the interconnecting means comprise 
a network. 
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7. The system of claim 2, wherein the authenticating server includes a 
database of authorized locations, for enabling verification of the location of the 
user as an authorized user location. 

8. The system of claim 2, wherein the authenticating server comprises 
a Remote Access Dial-In User Service (RADIUS) server. 

9. The system of claim 3, wherein the user identity determining means 
comprise a challenge and response system. 

1 0. The system of claim 4, wherein the user presence insuring means 
comprise a card for identifying the user, and a reader for reading the user 
identifying card, adapted to be connected to the user access request enabling 
means at the user location. 

11. The system of claim 5, wherein the user request enabling means 
comprise an interface station. 

12. The system of claim 5, wherein the user request enabling means 
comprise a client. 

13. The system of claim 5, wherein the user request enabling means 
include a location identifier. 

14. The system of claim 5, wherein the authenticating means are 
adapted to issue a security challenge to the user request enabling means, and the 
user request enabling means are further adapted to interrogate the security 
challenge, to generate a response, and to transmit the response to the 
authenticator. 

15. The system of claim 5, wherein the user request enabling means 
include an identifier associated with the user's location, and the authenticator 
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comprises means for authenticating the identifier associated with the user's 
location. 

16. The system of claim 5, wherein the user request enabling means 
include a dialer, located at the user's location, and wherein the dialer includes a 
number associated therewith. 

1 7. The system of claim 5, wherein the user request enabling means 
comprise a plurality of user request enabling means, and the interconnecting 
means comprise a network comprising an intranet which includes at least one 
local area network, adapted to interconnect at least one of the plurality of user 
request enabling means and the access server. 

18. The system of claim 5, wherein the interconnecting means are 
further adapted to interconnect the user request enabling means. 

1 9. The system of claim 6, wherein the network comprises an intranet. 

20. The system of claim 6, wherein the network comprises the Internet. 

21 . The system of claim 8, further comprising means for enabling the 
user to request remote access to the application server, wherein the 
authenticating server is further adapted to issue a security challenge to the user 
request enabling means. 

22. The system of claim 1 5, wherein the locating identifier comprises a 
cookie. 

23. The system of claim 16, wherein the authenticator comprises a 
number identifier for identifying the number associated with the dialer located at 
the user's location. 

24. The system of claim 16, wherein a dialing system includes a plurality 
of numbers each associated with one of a plurality of dialers adapted to enable 
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dialing therefrom and each dialer associated with a different user location, and the 
authenticator further comprises means for identifying the first number dialed from 
in the dialing system. 

25. The system of claim 20, wherein the locating identifier comprises a 
dynamic cookie. 

26. The system of claim 21 , wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticating 
means include a database for enabling verification of the response of the user 
request enabling means to the security challenge. 

27. The system of claim 23, wherein the number identifier comprises 
Automatic Number Identification. 

28. The system of claim 24, wherein the first number identifying means 
comprises Dialed Number Identification Services. 

29. The system of claim 26, wherein the authenticator is further adapted 
to verify the response of the user request enabling means to the security 
challenge based on the database in the authenticator, and to authorize access to 
the application server. 

30. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, the system comprising: 

an access server, for receiving and processing a request for access to the 
application server from a user request enabling means, the server adapted to be 
located remote from the user's location; 
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an authenticator for authenticating the location of the user responsive to 
receipt of the processed request from the access server, the authenticator 
adapted to be connected to the access server, the authenticator including a 
Remote Access Dial-In Service (RADIUS) server; 

means for interconnecting the access server and the authenticator; and 

means for enabling the user to request remote access to the application 
server, such means including a dialer, located at the user's location, wherein the 
dialer includes a dialing number associated therewith. 

31 . The system of claim 30, wherein the authenticator includes a number 
identifier for identifying the number associated with the dialer located at the user's 
location. 

32. The system of claim 30, and further comprising a dialing system 
including a plurality of numbers each associated with one of a plurality of dialers 
adapted to enable dialing therefrom and each associated with a different user 
location, and the authenticator comprises means for identifying the first number 
dialed from the dialing system. 

33. The system of claim 31, wherein the number identifier comprises 
Automatic Number Identification. 

34. The system of claim 32 wherein the first number identifying means 
comprises Dialed Number Identification Services. 

35. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, comprising: 
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an access server, for receiving a request for access to the application 
server from user request enabling means, adapted to be located remote from the 
user's location; 

an authenticator for authenticating the location of the user, the 
authenticator adapted to be connected to the access server and further including 
an identifier for determining the identity of the user; 

means for interconnecting the access server and the authenticator; and 

means for enabling the user to request remote access to the application 
server. 

36. The system of claim 35, wherein the user identifier further comprises 
a challenge and response system. 

37. The system of claim 35, wherein the authenticator is adapted to 
issue a security challenge to the user request enabling means, and the user 
request enabling means are further adapted to interrogate the security challenge, 
to generate a response, and to transmit the response to the authenticator. 

38. The system of claim 35, further comprising means for enabling the 
user to request remote access to the application server, wherein the authenticator 
server is further adapted to issue a security challenge to the user request enabling 
means. 

39. The system of claim 38, wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticator 
includes a database for enabling verification of the response of the user request 
enabling means to the security challenge. 

40. The system of claim 39, wherein the authenticating means are 
further adapted to verify the response of the user request enabling means to the 
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security challenge based on the database in the authenticator, and to authorize 
access to the application server. 

41 . A system for enabling remote access to an application server upon 
authentication of a location from which a user has sought access as an authorized 
location for enabling access to the application server and processing of a 
transaction requiring user location authentication, wherein the user location 
includes means for enabling the user to request remote access to the application 
server, comprising: 

an access server, for receiving a request for access to the application 
server from user request enabling means adapted to be located remote from the 
user's location; 

an authenticator for authenticating the location of the user, adapted to be 
connected to the access server; 

means for interconnecting the access server and the authenticator; and 

means for insuring user's presence at the location. 

42. The system of claim 41 , wherein the user presence insuring means 
comprise a card for identifying the user and a reader for reading the user 
identifying card, adapted to be connected to the user access request enabling 
means at the user location. 

43. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access thereto as an 
authorized location, for enabling processing of a transaction requiring user 
location authentication, wherein the user location includes means for enabling the 
user to request remote access to the application server, comprising: 
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an access server, for receiving and processing a request for access to the 
application server from user request enabling means, the server adapted to be 
located remote from the user's location; 

an authenticating server for authenticating the location of the user 
1 0 responsive to receipt of the processed request from the access server, adapted 
to be connected to the access server; and 

a network for interconnecting the access server and the authenticating 
server. 

44. The system of claim 43, further comprising a client for enabling the 
user to request remote access to the application server. 

45. The system of claim 43, wherein the authenticating server includes 
a database of authorized locations, for enabling verification of the location of the 
user as an authorized user location. 

46. The system of claim 44, wherein the client includes an identifier 
associated with the user's location, and the authenticating server is adapted to 
authenticate the identifier associated with the user's location. 

47. The system of claim 44, wherein the client comprises a plurality of 
clients and the network comprises an intranet which includes a plurality of local 
area networks, each adapted to interconnect at least one of the plurality of clients 
and the access server. 

48. A method of enabling remote access to an application server, upon 
authentication of a location from which a user has sought access thereto as an 
authorized location, for enabling processing of a transaction requiring user 
location authentication, wherein the user location includes means for enabling the 

5 user to request remote access to the application server, in a system which 
comprises an access server, for receiving and processing a request for access to 
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the application server from user request enabling means, adapted to be located 
remote from the user's location, an authenticator for authenticating the location 
of the user responsive to receipt of the processed request from the access server, 
1 0 adapted to be connected to the access server, and means for interconnecting the 
access server and the authenticator, wherein the method comprises: 

requesting an access server to enable a user at a user's location to access 
an application server; 

authenticating the location of the user in the authenticator; and 

determining in the authenticator whether to enable the user to access the 
application server based on the authenticating of the user's location. 

49. The method of claim 48, wherein the authenticator comprises an 
authenticating server, and wherein authenticating further comprises authenticating 
through the authenticating server. 

50. The method of claim 48, wherein the authenticator includes means 
for determining the identity of the user, and wherein authenticating further 
comprises determining the identity of the user through the user identity 
determining means. 

51. The method of claim 48, further comprising insuring the user's 
presence at the location through a user presence insuring means. 

52. The method of claim 48, further comprising enabling the user to 
request remote access to the application server through the user request enabling 
means. 

53. The method of claim 48, further comprising interconnecting the 
access server and the authenticating means through a network. 
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54. The method of claim 49, wherein authenticating comprises 
authenticating through an authorized location database. 

55. The method of claim 49, wherein authenticating further comprises 
authenticating through a RADIUS server. 

56. The method of claim 50, wherein determining further comprises 
challenging the identity of the user and processing the response thereto. 

57. The method of claim 51 , wherein insuring further comprises reading 
a user identifying card which identifies the user, via a card reader, connected to 
the user access request enabling means at the user location. 

58. The method of claim 52, wherein enabling further comprises 
enabling the user request through an interface station. 

59. The method of claim 52, wherein enabling further comprises 
enabling the user request through a client. 

60. The method of claim 52, wherein enabling further comprises 
enabling the user request through the location identifier. 

61. The method of claim 52, further comprising issuing a security 
challenge from the authenticator interrogating a security challenge, generating a 
response to the challenge, and transmitting the response from the user request 
enabling means. 

62. The method of claim 52, wherein authenticating comprises 
authenticating the user's location through a user associated identifier. 

63. The method of claim 52, wherein enabling comprises enabling 
through a dialer having an associated number. 
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64. The method of claim 52, wherein interconnecting comprises 
interconnecting a plurality of user request enabling means through a plurality of 
local area networks. 

65. The method of claim 52, wherein interconnecting further comprises 
interconnecting with a user request enabling means. 

66. The method of claim 53, wherein the network comprises an intranet, 
and wherein interconnecting further comprises interconnecting through the 
intranet. 

67. The method of claim 53, wherein the network comprises the Internet, 
and wherein interconnecting further comprises interconnecting through the 
Internet. 

68. The method of claim 55, wherein authenticating further comprises 
issuing a security challenge to the user request enabling means through an 
authenticating server. 

69. The method of claim 62, wherein authenticating further comprises 
authenticating through a locating identifier cookie. 

70. The method of claim 63, wherein the authenticator comprises means 
for identifying the number associated with the dialer located at the user's location, 
and wherein the step of authenticating further comprises identifying the number 
associated with the dialer. 

71 . The method of claim 63 wherein a dialing system includes a plurality 
of numbers each associated with one of a plurality of dialers adapted to enable 
dialing therefrom and each associated with a different user location, and the 
authenticator comprises means for identifying the first number dialed in the dialing 
system, and wherein the step of authenticating further comprises identifying the 
first number dialed. 
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72. The method of claim 67, wherein the locating identifier comprises a 
dynamic cookie. 

73. The method of claim 68, wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticator 
include a database for enabling verification of the response of the user request 
enabling means to the security challenge, and wherein the step of authenticating 
further comprises verifying the response to the security challenge through the 
verification database. 

74. The method of claim 70, wherein identifying further comprises 
identifying through Automatic Number Identification. 

75. The method of claim 71, wherein the step of identifying further 
comprises identifying through Dialed Number Identification Services. 

76. The method of claim 73, wherein the authenticator is further adapted 
to verify the response of the user request enabling means to the security 
challenge based on the database in the authenticator, and to authorize access to 
the application server, and further comprising the step of authorizing access to an 
application server. 
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ABSTRACT OF THE DISCLOSURE 

A system and method for authentication of the location of a user requesting 
remote access to an application server for processing a transaction requiring user 
location authentication. The system includes a client for enabling the user to 
request remote access to the application server, an access server for receiving 
and processing the request for access, an authenticating server for authenticating 
the user location responsive to receipt of the processed request from the access 
server, and a network for interconnecting the client, the access server, the 
authenticating server, and the application server. The client includes an identifier 
associated with the user's location, and the authenticating server is adapted to 
authenticate the client location identifier. The client may include a dialer, including 
a number associated therewith, and the authenticating server may be adapted to 
identify the number associated with the dialer to authenticate the user's location, 
and may further be adapted to identify the first number dialed to further 
authenticate the user location. The authenticating server may issue a security 
challenge to the client, and the client may interrogate the security challenge, 
generate a response, and transmit the response to the authenticating server. 
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ASSIGNMENT 

This Assignment is made by HYON C. IM of Sugar Land, TX, Assignor, to BALLY GAMING, INC., a 
Nevada Corporation, Assignee, having a place of business at 6601 South Bermuda Road, Las Vegas, NV 89 119- 
7990; 

WHEREAS, Assignor has invented a new and useful REMOTE ACCESS VERIFICATION 
ENVIRONMENT SYSTEM AND METHOD and Assignor believes himself to be an original, first inventor of 
the invention(s) disclosed and claimed in U.S. Application Numbers 60/145,068, 09/612,476, 09/854,438 and 
10/033,716; and 

WHEREAS, Assignee desires to acquire by formal, recordable assignment the entire right, title and 
interest in and to said invention, said Application, any Letters Patent, and all other related and associated 
intellectual property that may be granted for said invention(s) in the United States and throughout the world; 

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are 
hereby acknowledged, Assignor has sold, assigned, transferred and set over, and by these presents hereby sell, 
assign, transfer and set over to Assignee all of Assignor's right, title and interest in, to and under said invention(s) 
said Application, and all other related and associated intellectual property (including, but not limited to 
copyrights, trademarks, know-how and trade secrets), including (a) the right to apply for patents in the United 
States of America and in all foreign countries for said invention(s), (b) all application for patents for said 
invention^) or based on said Application in all countries, now filed or to be filed, including all non-provisional, 
divisional, renewal, substitute, continuation, continuation-in-part and convention applications based in whole or in 
part upon said inventions) or upon said Application, (c) all patents which may issue on said inventions) and on 
any application transferred by this Assignment in the United States and foreign countries, and any and all reissues, 
reexams, extensions, divisions, renewals, substitutes, continuations or continuations-in-part of patents granted for 
said mvention(s) or upon such Application, for the full term or terms for which the patents may be issued, and (d) 
every priority right that is or may be predicated upon or arise from said invention(s), said Application and such 
patents under any applicable international or bilateral treaty, agreement or convention. Assignor hereby 
authorizes Assignee to file a patent Application or any other application in all countries for any or all of said 
invention^) in Assignor's name, or in Assignee's name or otherwise as Assignee may deem advisable, under any 
international or bilateral treaty, agreement or convention, or otherwise. 

Further, Assignor agrees that, upon request but at no expense to Assignor, Assignor and his legal 
representative(s) and assigns will execute all papers that may be necessary or desirable for obtaining, sustaining, 
reissumg or enforcing a Letters Patent or other intellectual property rights in the United States and throughout the 
world for said invention, or for perfecting, recording or maintaining the title of Assignee, its successors and 
assigns, to said invention, said Application, any Letters Patent granted for said invention, or any other intellectual 
property rights in the United States and throughout the world. 

Assignor also agrees that, upon request and for reasonable compensation associated with Assignor's time 
and out-of-pocket expenses (such amounts to be approved in writing by Assignee before incurring such expenses 
and time by Assignor), Assignor and his legal representative(s) and assigns will do all lawful acts, including being 
available as a witness or providing testimony in any court or other legal proceeding, that may be necessary or 
desirable for obtaining, sustaining, reissuing or enforcing a Letters Patent or other intellectual property rights in 
the United States and throughout the world for said invention. 
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Assignor represents and warrants that he has not granted and will not grant to others any rights 
inconsistent with the rights granted herein. 

IN WITNESS WHEREOF, Assignor has executed this Assignment on the date written hereinbelow. 



Dated: 

HYONC.M 
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Step toe &John son •■«-■■ 



A I T O R N E Y S A T L A W 



Andrew B. Chen 

310.734.3246 

achen@steptoe.com 



212! Avenue of the Stars 
Suite 2800 
Los Angeles, CA 90067 
Tel 310.734.3200 
Fax 310.734.3300 
steptoe.com 



December 3, 2009 



Via Certified Mail 
Return Receipt Requested 

Mr. Wesley A. Park 

301 Royal Oaks Boulevard 

#3406 

Franklin, TN 37067-4484 



Re: U.S. Patent Application No. 1 0/033,71 6 



Filed: 
Title: 



Based on: 



Inventors: 
Owner: 
Our Ref: 



December 27, 2001 
REMOTE ACCESS VERIFICATION ENVIRONMENT 
SYSTEM AND METHOD 

U.S. Provisional Patent Application No. 60/145,068, filed 07/09/1999 
U.S. Utility Patent Application No. 09/612,476, filed 07/07/2000; and 
U.S. Utility Patent Application No. 09/854,438, dated May 11, 2001 
Anthony Fontaine, Hyon (John) Im, Wesley A. Park 
Bally Gaming, Inc. 

83336.0559 



Dear Mr. Park: 



Pursuant to our letter of May 26, 2009, we are currently seeking to have you execute a 
declaration for the U.S. Patent Office, confirming that you are indeed an inventor of the above- 
referenced applications 

We represent Bally Gaming, Inc. and prosecute patent applications on their behalf. The above 
referenced applications were assigned to Bally Gaming, Inc. by Anthony L. Fontaine. It is our 
understanding that you may also be an inventor of the above-referenced applications. If this is correct, 
we are currently seeking to have you execute a declaration for the U.S. Patent Office, confirming that 
you are indeed an inventor of the above-referenced applications. 
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WASHINGTON • NEW YORK • CHICACO . PHOENIX • LOS ANGELES • CENTURY CITY • LONDON . BRUSSELS 



STEPTOE&JOHNSONu, 



Mr. Wesley A. Park 
December 3, 2009 
Page 2 



On December 27, 2001, we filed the above-identified patent application, which was based on the 
three referenced prior applications listed above. At the time the application was filed, we forwarded the 
enclosed patent application and declaration for your execution to your former employer, Vasco Data 
Security International in Oak Park Terrace, IL. 

We were informed by Vasco that you were no longer employed with them, and, as such, we do 
not believe you ever received a copy of the application, or were able to execute the enclosed 
Declaration, indicating that you were one of the inventor listed on these applications. 

Please find enclosed a copy of the patent application that was filed on December 27, 2001 and a 
Declaration for your execution and return, which, when received, will be filed with the U.S. Patent and 
Trademark Office. We have also enclosed an assignment of the patent application to Bally Gaming, Inc. 
for your execution and return. 

We appreciate your assistance. If you should have any questions, please do not hesitate to 
contact me. As we stated above, we are attorneys for Bally Gaming, Inc. and do not represent you or 
your former employer, Vasco. As such, it is recommended that you contact independent counsel should 
have any questions regarding this matter. 



Sincerely, 




Andrew B> Chen 



ABCrfas 
Enclosures 
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REMOTE ACCESS VERIFICATION ENVIRONMENT 
SYSTEM AND METHOD 

RELATED APPLICATION 

This application is claiming the benefit of patent application serial no. 
09/854,438 filed on May 1 1 , 2001, which is a continuation of patent application 
serial no. 09/612,476 filed on July 7, 2000, and provisional application serial 
no. 60/145,068 filed on July 9, 1999. 

BACK GROUND OF THE INVFNTION 

This invention relates generally to improvements in remote access 
verification systems and, more particularly, to a remote access verification 
environment system and method for enabling remote access to an application 
server, wherein a user's location and/or jurisdiction needs to be verified for 
enabling processing of a transaction requiring such user location verification. 

A portion of the disclosure of this patent document contains material which 
is subject to copyright protection. The copyright owner has no objection to the 
facsimile reproduction by anyone of the patent document or the patent disclosure, 
as it appears in the Patent and Trademark Office patent file or records, but 
otherwise reserves all copyright rights whatsoever. 

Description of the Related Art 

The present invention is directed to verification of geographic location for 
enabling remote access to an application server, and is particularly applicable to 
transactions requiring user location verification, such as gambling transactions, 
wherein processing gambling information for the purposes of wagering is 
restricted to venues where it is allowable by law. 
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Gambling transactions, in some form, are currently legal in 48 states in the 
United States and in many foreign countries. In order to insure consumer 
protection, gambling is highly regulated by the jurisdiction in which the activity 
5 occurs. Each jurisdiction sets its own standards for regulation including, for 
example, what games may be played, what the payouts must be, and consumers' 
recourse for the redress of grievances. Typically, gambling regulations will differ 
from jurisdiction to jurisdiction depending upon the social perspective on 
gambling in that jurisdiction. In the past, the enforcement of these regulations has 
1 0 been facilitated due to the nature of the activity, in that physical presence at the 
activity confirmed that the activity was performed within the authorized 
jurisdictional boundaries. 

The concept of telephone wagering, e.g., consisting of betting from remote 
locations removed the requirement of physical presence at the gambling location 
and, thus, enabled a wagerer to place a bet from a remote location through a 
telephone without actually being physically present in the jurisdiction. In this 
regard, Federal legislation known as the Wire Act has now made it illegal to use 
a wire for the interstate transmission of wagering information. 

However, with the advent of the Internet as a medium for the placing of 
bets or wagers, the applicability of the Wire Act to the Internet has been at issue. 
Proponents of the Internet gaming argued that the Internet was not a wire 
medium and therefore the law was not applicable to their activity. Furthermore, 
since most of the Internet gambling sites are currently located offshore and not 
within United States jurisdiction, proponents have argued that if the activity is legal 
in their jurisdiction, they are not in violation of United States laws. 

Legislation has been introduced to specifically cover use of the Internet for 
wagering purposes, including the Internet Gambling Prohibition Act. Although 
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this act is described as a prohibition against the use of the Internet for gambling 
purposes, there are specific exemptions for industries using specific technology. 
Under this act, industries such as horse racing and state lotteries may employ a 
technology defined as Closed-Loop Subscriber-Based Service for the purpose of 
5 wagering, provided that the service can verify that the person is physically located 
in a state where the activity is legal. 

Therefore, those concerned with the development and use of improved 
g remote access verification systems, methods, and the like have long recognized 
a 10 the need for improved systems and methods for determining and verifying a 
U user's geographic location for enabling access to the processing of transactions 
requiring such user location verification. 
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SUMMARY OF THE INVFNTION 

Briefly, and in general terms, the present invention provides a new and 
improved system and method for authenticating the geographic location of a user, 
identifying the user, and permitting the user to access an application server for 
transaction processing in an efficient, effective, and secure manner. 

By way of example, and not by way of limitation, the present invention 
provides a remote access verification environment system and method for 
enabling verification of remote access to an application server upon authentication 
of a location from which a user has sought access. The system is adapted to 
authenticate the user location to determine whether the user's location is an 
authorized location for enabling access to the application server. 

More particularly, the present invention may include a client for enabling 
the user to request remote access to the application server, an access server for 
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receiving and processing a request for access to the application server from the 
client, adapted to be located remote from the user's location, an authenticating 
server for authenticating the location of the user responsive to receipt of the 
processed request from the access server, adapted to be connected to the access 
server, and a network for interconnecting the client, the access server, the 
authenticating server, and the application server. The client may include an 
identifier associated with the user's location, such as a cookie, or a dynamic 
cookie, and the authenticating server may be adapted to authenticate the client 
location identifier. The client may further include a dialer located at the user's 
location, with a number associated with the dialer, and the authenticating server 
may comprise a Remote Access Dial-In User Service (RADIUS) server. The 
RADIUS server can include a system for authenticating the dialer number, which 
may be accomplished via Automatic Number Identification (ANI) system, and a 
system for identifying the first number from which the user has dialed, which may 
be accomplished via a Dialed Number Identification Services (DNIS) system. The 
authenticating server may also include a database of authorized locations, for 
enabling verification of the location of the user as an authorized user location. 
The network may comprise an intranet, it may include a local area network, or 
alternatively, it may comprise the Internet. 



The system, in accordance with the present invention, may also include a 
system for determining the identity of the user, which may comprise a challenge 
and response system, wherein the authenticating server may issue a security 
challenge to the client, and the client may interrogate the security challenge, 
generate a response, and send the response to the authenticating server. The 
present invention may further include a system for insuring the user's presence 
at the location from which the request has been sent, which may consist of a card, 
e.g., a Smart Card, for identifying the user, and a reader for reading the card and 
forwarding the information to the authenticating server. The user may access the 
client at a location remote from the application server, for example from the user's 
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home, office, or kiosk. The client may further include a communications port, a 
facility for the loading of software such as a disk drive, compact disk drive, or a 
communications port, a storage area for a geographic identifier, software that 
controls the communications port, a processing unit to interpret the 
5 communications, and output device such as a video display or television for 
communications output, and an input device such as a keyboard, mouse, touch 
screen, or voice recognition for communications input. 

In accordance with the present invention, the user may establish contact 
0 with the application server directly through a proprietary or private network, or 
indirectly through the Internet or a virtual private network, through enabled proxy 
and Web servers. Once a link between the user's client and an authenticating 
server has been effected, the server may query the client processing unit for 
information regarding the controller for the communications port. The processing 
5 unit may relay the geographic identification information contained in the 
communications controller to the authenticating server. During this process, the 
user may receive messages from the authenticating server that will be displayed 
on the output device. The user may be prompted to supply additional user 
information that may be entered through the input device. The user's geographic 
location identifier, as well as other pertinent information may be stored in a user 
account database. Successful logon to the authenticating server may activate the 
user's account, and may become available for tracking by the authentication- 
enabled application. Upon disconnection of the user, the account may be 
deactivated, whereupon ail session specific information may be removed from the 
user's record. In addition, unsuccessful logon attempts may be reported, logged, 
and the user disconnected, thereby refusing access to the application server. 

Therefore, an advantage of the present invention is that it includes a 
system for securely and effectively verifying the location of a user requesting 
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access to an application server, for enabling the secure and effective processing 
of a transaction requiring user location verification. 

A further advantage is that the present invention provides efficient and 
effective systems for insuring the user's presence at the location from which 
access is requested, to enable effective and efficient authentication. 

These and other objects and advantages of the invention will become 
apparent from the following more detailed description, when taken in conjunction 
with the accompanying drawings of illustrative embodiments. 
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BRIEF DESCRIPTION OF THE DRAWjNGS 



FIGURE 1 is a schematic diagram of a remote access verification system 
in accordance with the present invention; 

FIG. 2 is a block diagram illustrating a client system for communicating with 
an application server, in accordance with the invention; 

FIG. 3 is a block diagram of a system for communicating between a client 
and a remote Web server, in the practice of the present invention; 

FIG. 4 is a block diagram showing a security system for an Internet Service 
Provider Web server, in the practice of the invention; 

FIG. 5 is a block diagram of a system for enabling a client to access a 
remote Web server, in accordance with the present invention; 

FIG. 6 is a block diagram of a client security authenticating system, in the 
practice of the invention; and 

FIG. 7 is a block diagram of a client geographic verification system, in 
accordance with the invention. 
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DETAILED DESCRIPTIONQF THE PREFERRED FMROniMFMT.g 

The present invention is directed to a remote access verification 
environment system and method, for enabling remote access to an application 
5 server, upon authentication as an authorized remote location from which a user 
has sought such access to the application server and for enabling access to the 
application server for the processing of a transaction requiring such user location 
authentication. The improved system and method of the present invention 
g provides efficient, effective, and secure verification of the location of the remote 
a 10 access request for enabling access to the application server. The preferred 
W embodiments of the improved system and method are illustrated and described 

^ herein by way of example only and not by way of limitation 

01 

Z Referring now to the drawings, wherein like reference numerals denote like 

or corresponding parts throughout the drawing figures, and particularly to FIGS. 
O 1-7, and more particularly to FIG. 1, a system 10 is utilized for enabling 

verification of a location 12 from which a user may be requesting remote access 
to an application server 14. The system 10 includes at least one user request 
enabling device 16 for enabling a user to request remote access to the application 
server 14, which user request enabling device 16 is adapted to be located at the 
user's location 12. The system 10 also includes at least one access server 18, 
for receiving and processing a request for access to the application server 14 from 
the user request enabling device 16, which access server 18 is adapted to be 
located remote from the user's location 12. It further includes an authenticating 
server 20 for authenticating the location 1 2 of the user in response to receipt of 
the processed request from the access server 18, adapted to be connected to the 
authentication server 20. It also includes a network 22, for interconnecting the 
user request enabling device 16, the access server 18, and the authenticating 



Si 



30 



9 Docket No. 10407/559 

The user request enabling device 16 may comprise, for example, an 
interface station or a client, such as, for example, a personal computer based 
system capable of running a browser and connecting to a remote computer, a 
hand held device, (such as a personal digital assistant and the like ) a set top box 
5 connected to a television, or application specific devices incorporating a 
communication medium to a remote server, a display, and an input device. It may 
also include an identifier associated with the user's location 12, such as, for 
example, a cookie, and may include a dialer, such as for example a telephone 
^ dialer, located at the user's location 12. The dialer may include a number 
O 1 0 associated therewith, such as, for example, a telephone number. Where the user 
W request enabling device 1 6 comprises a client 1 6, for example, it may include a 

sj dialer which may be used in conjunction with a dialing system which includes a 
g plurality of numbers, each number associated with one of a plurality of dialers 
^ adapted to enable dialing therefrom, and each associated with a different user 
| 15 locat 'on- The dialing system may comprise, for example, a telephone system, 
Sj which may include assigned telephone numbers. In such a system, the 
P authenticating server 20 may comprise , by way of example, a Remote Access 
Dial-In User Service (RADIUS) server, or another server which includes dial up 
user validation software adapted to validate a user by comparing logon name, 
20 password, and the like, with jurisdictional values in a database or table. 

In such a dialing system, the authenticating server 20 may include a 
system for identifying the number associated with the dialer located at the user's 
location 12, which system may comprise, for example, Automatic Number 

25 Identification (ANI) service, a Calling Party Number (CNID) service provided by 
a local central office that identifies the originating telephone number of the user, 
or an Internet protocol address associated with a service provider for cable, digital 
subscriber line, satellite networks, and the like. Further, in such a dialing system, 
the authenticating server 20 may include a system for identifying the first number 

30 from which the user has dialed, to prevent a user from attempting to circumvent 
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the system 10, e.g., by activating the dialer at the user location 12 from a location 
other than the user location 12, Such a first number identifying system may 
comprise, byway of example only, Dialed Number Identification Services (DNIS). 

The authenticating server 20 in the system 10 may further include a 
database of authorized locations, for enabling verification of the location of the 
user as an authorized location. It may further include a system for determining 
the identity of the user, which may comprise a challenge and response system, 
such as, for example, software providing challenge/response authentication, or 
software supporting a public key infrastructure. In the challenge and response 
system, the authenticating server 20 may issue a security challenge to the user 
request enabling device 16 to verify the identity of the user. The security 
challenge may be issued by the authenticating server 20 in the form of a token. 
The client 16 may then interrogate the security challenge, generate a response, 
and transmit the response to the authenticating server 20. In such a system, the 
authenticating server 20 may include a database for enabling verification of the 
response of the client 16 to the security challenge, and for enabling authorization 
of access to the application server 14. 

In accordance with the present invention, the network 22 may comprise, for 
example, an intranet which may include at least one local area network, adapted 
to interconnect at least one of the clients 16 and an access server 18, or a private 
network which may employ a public communications infrastructure, a cable 
network, a satellite network, or the like. The network 22 may alternatively 
comprise, for example, the Internet, for interconnecting the client and the servers 
in the system 10. 

The system 10, in accordance with the present invention, may further 
include a system for insuring the user's presence at the user location 12, which 
may comprise a card for identifying the user, and a reader for reading the user 
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identifying card, adapted to be connected to the client 16 at the user location 12. 
The card for example may comprise a magnetic stripe card, or a hand held 
hardware based token, used to verify both the user and the user's actual physical 
presence, which may employ an encrypted value in a processor that relates the 
5 card to a user, or a mechanism for recording the user's identity by storing the 
user's finger-print on the card itself. The card may alternatively comprise a soft 
token constituting software that provides attributes of a hard token without the 
physical device, which may be activated through a keyboard or by voice or mouse 
r~= in P ut Tne re ader, for example, may be a device connected directly to a computer 

g 10 by a serial, parallel or infrared connection, or incorporated into a client without 
jjj requiring external wiring or communications, or software for use with a soft token. 

\l Furthermore, a time out feature may be employed, in accordance with the presort 

01 invention, to insure that the user is actually physically present at the user location 

jU 12. In other words, the user can be prompted to insert his card at a particular 

f?i 15 time - Failure to do so will terminate the session as the system 10 will interpret 
3 such failure to insert/respond as the user not being physically present at the user 

M location 12. 

The system 10 may also include a firewall 24 for security verification and 
20 authentication of all data seeking to pass therethrough, and a switch 26 for 
switching between the access servers 18, and the authenticating server 20 and 
application server 14. The firewall 24 may comprise, for example, a software 
based firewall employing packet filtering technologies, or a hardware based 
hardened firewall, or the like. 

25 

An exemplary client 16, in accordance with the present invention, is shown 
in FIG. 2 for communicating with an application server 14 which may be Web 
based. The client 16 may include, for example, a microprocessor 28 for 
controlling input/output, communications, and software operations, a video display 
30 30 for viewing output communications sent from the application server 14, and a 
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Web browser 32 or other suitable software for providing page layout display 
functions for the display 30. The client 16 may further include a keyboard 34 or 
other device for sending input communications to the application server 14, a 
geographic identifier 36, comprising a software program containing information 
5 regarding the geographic location and session identifier of the user, residing in 
storage, which may be in the form of a cookie dynamically created for each 
session, and a browser plug-in 38 comprising a software program for enabling the 
browser 32 to query the geographic identifier 36 residing in storage. The client 
g 16 may also include a security software module 40 comprising a software 
O 1 0 program for user authentication based on hardware or software tokens residing 
y in storage, and communications ports 42, for communicating with the remote 
£ application server 14, or for communicating with local hardware devices for 
«« software loading and security token communications with the security software 
tj module 40, which for dial-up communications includes a dialer for controlling the 
pj 15 communications ports. The client 16 may still further include a device 44 for 
p loading software or performing hardware scanning of authorization tokens, and 
the network 22 comprises the physical or virtual communications link to the 
remote application server 14. 

20 In the present invention, the client 1 6 may comprise a personal computer, 

which may include the microprocessor 28, the video display 30, the Web browser 
32, the keyboard 34, and the communications ports 42. The software, comprising 
the geographic identifier 36, the browser plug-in 38, and the security software 
module 40, may be obtained by the user on media loaded directly from the 

25 loading device 44, or through software downloaded from a remote server, 
accessed through the network 22 through the communications port 42 and 
installed to program in memory. 



For dial-up communications, in accordance with the present invention, the 
geographic identifier 36 may include the dial-up phone number of an Internet 
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Service Provider (ISP), which may include country code, area code, prefix, and 
number, as is appropriate by each country. The geographic identifier 36 may be 
in the form of a cookie, resident in memory, and established upon dial-up. The 
cookie may also contain session identification for the connection to a Web server. 
5 The value of the geographic identifier 36 in the cookie may be determined by the 
value used in the dialer. While the typically may only is capable of utilizing the 
local portion dial-up value to establish communications. As such, this requires 
that the user be within the local calling area of the ISP, thereby determining the 
geographic location of the client 16 to be within a certain local calling area. For 
1 0 cable and other communication techniques, the value in the geographic identifier 
36 is input prior to the software download, which value may include the Internet 
Protocol (IP) address of the ISP as well as the local support number of the ISP. 
The geographic identifier 36 may alternatively utilize a Geographic Positioning 
System (GPS) for removing reliance on user input and for removing any ambiguity 
5 regarding the exact location of the client 1 6. 



An example of a communications system, in accordance with the present 
invention, for communications between the client 16 and a remote Web server 
through an ISP 46, is illustrated in FIG. 3. The network 22 which comprises a 
communications medium may, for example, be a direct dial-up connection through 
telephone technologies, a cable connection, a satellite connection, or the like. 
Once the physical connection has been established, the ISP will open a Point-to- 
Point Protocol (PPP) connection to enable communications with the client 16 
through Transmission Control Protocol/IP (TCP/IP). The ISP 46 may then assign 
a virtual port number and IP address 48 to the client 16. These numbers are then 
used to route information from the Internet 50 to the client 16. When the client 16 
requests communication with a Web server 52 on the Internet 50, the ISP assigns 
an actual IP address and port number 48 for that particular communication with 
the Web server 52. Once assigned, the ISP 46 routes the communication to the 
appropriate IP address of the Web server 52. The ISP 46 tracks the relationship 
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of the virtual address to the actual IP address and port number 48 used to 
communicate with the Web server 52. The ISP 46 dynamically assigns a different 
actual IP address and port number 48 for each communication with the Web 
server 52. Each session between the client 16 and the Web server 52 consists 
5 of may communications. The ISP 46 dynamically resolves all virtual and actual 
IP addresses and port numbers 48 to insure communications between the client 
16 and the Web server 52. Once the communications have been established 
between the ISP 46 and the client 16, a graphical user interface application or 

^ browser 32 is launched. The browser 32 may be proprietary to the ISP 46, or may 

O 10 be commercially available, for example Netscape Navigator, Netscape 

W Communication, Microsoft Explorer, or the like 

M 

m An exemplary of a security system, in accordance with the present 

^ invention, for providing a security function of verifying geographic identity upon 

| 15 acces s to the ISP 46, is shown in FIG. 4. The ISP 46 may reside on a private 
H network and can communicate directly with the remote Web server 52. The client 

C 16 connects to the ISP 46 through the Web server 52. The access server 18 

captures relevant information regarding the geographic location of the client 16, 
which information may comprise ANI and DNIS. These values are interpreted by 
20 the RADIUS server 20. The RADIUS server 20 validates the user, and issues a 
challenge including a security token to the client 16. The client 16 interrogates the 
security token and receives a response which is then transmitted to the ISP 46. 
The RADIUS server 20 verifies the response based on values in a user accounts 
database 54. Upon successful verification, the RADIUS server 20 authorizes 
25 access to the ISP Web server 52 from the access server 1 8. 

Another example, in accordance with the present invention, of a process 
by which the client 16 may access the remote Web server 52, by establishing 
communications between the client 16 and the Web server 52 through the ISP 
30 46, is seen in FIG. 5. A proxy Web server 56 tracks communications between the 
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client 16, the ISP 46, and the Web server 52. The client 16 accesses the ISP 46, 
and the ISP 46 assigns the IP address and port number 48. The geographic 
identifier 36 may be dynamically established in the form of a dynamic cookie. The 
proxy Web server 56 accesses the user accounts database 54 and assigns the 
user name and a session identifier 58, which will be consistent throughout the 
user's session with the remote Web server 52, since the actual IP address and 
port number 48 may change with each messaging exchange. By attributing the 
user name and session identifier 58 to the entire session, only the first contact 
requires verification, rather than requiring verification with each connection as 
may be required without the Web proxy server 56. Once the remote Web server 
52 has received this information, it activates the security software that will begin 
the security authentication of the client 1 6. 

A system for security authentication of the client 16 through the remote 
Web server 52 is illustrated for example in FIG. 6. Once the Web server 52 has 
established the identity of the client 16 by the user name and session identifier 58, 
it prompts the RADIUS server 20 for authentication parameters. The RADIUS 
server 20 generates a challenge including a security token to the client 16, which 
is transmitted by the Web server 52 through the Web proxy server 56 and the ISP 
46. The client 16 receives the challenge and queries the security token for a 
response. The client 16 then transmits the response to the ISP 46. The ISP 46 
then transmits the response to the Web proxy server 56, which may again resolve 
any mapping changes of the IP address and port number 48 to the original 
session identification of the user name and session identifier 58. The response 
message is then transmitted to the Web sever 52. The Web server 52 sends the 
response to the RADIUS server 20 for verification of authenticity. If authentic, the 
RADIUS server 20 informs the Web server 52 to allow the client 16 access to the 
Web server 52. If authentication is rejected, the RADIUS server informs the Web 
server 52 to log the unsuccessful login attempt, to issue an error message to the 
client 16, and to disconnect the user. 
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A system for geographic verification of the client 16 subsequent to the 
successful login to the Web server 52 is shown, for example, in FIGS. 2 and 7. 
Once the client 16 has completed a successful login to the Web server 52, a 
5 server application is activated to query the client for its geographic location. 
Communications between the Web server 52 and the client 16 are conducted 
through the proxy server 56 and the ISP 46. The client 16 receives the request 
through its browser 32 and activates its browser plug-in 38. The browser plug-in 
La 38 queries the geographic identifier 36 of the client 1 6, and returns this value to 

g 10 the proxy server 56. The proxy server 56 compares this value against known 
W valid values in the user accounts database 54. If acceptable, the information is 

logged and the client 16 is passed to the application server 14. If unacceptable, 
m the event is logged, an error message is issued to the client 16, and the 

j\ connection is disconnected. 



Although one of ordinary skill in the art will appreciate that the present 
invention has been described above for use in all areas of communication, 
wherein the geographic or jurisdictional location of a user needs to be verified, in 
one preferred embodiment, the present invention is used in a gaming environment 
to allow a user to place wagers from jurisdictions in which gambling is legal. In 
such an embodiment, the present invention is comprised of the following 
components providing a secure network environment for the Internet-based 
delivery of gaming contact for wagering. In accordance with the present 
invention, the system will comprise a gaming card, e.g., a Smart Card as 
manufactured by Schulumberger, Inc. The gaming card will contain both security 
data for identifying the user and a monetary value for placing wagers. The Smart 
Card will be read by a Smart Card reader, for example, such as those 
manufactured by Fischer, Inc. One feature of the Smart Card reader, in 
accordance with the present invention, is the timeout feature which will require the 
user to be physically present at the card reader in order to insert the Smart Card 
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therein at the appropriate time. In this way, the user cannot circumvent the 
system by placing the Smart Card in the reader in advance, and then dialing his 
computer from another remote location in order to seize control of the system and 
to gain access to the gaming service. 

5 

In practice, when the user desires to access the gaming system, the 
following steps are performed: 

1 . The user installs the appropriate software, on the computer, PDA, 
u, or tne like . in accordance with the present invention, in order to gain 

O 10 access to the gaming system. 

W 2. An access number, supplied by the gaming system operator, is used 

Ly 

si to gain access to the gaming system network. This number will be 

p used to supply the corresponding AN I identification of the user's 

j\ telephone number and DNIS of the originally dialed number. 

JJj 1 5 3 - u P on verification of the user's jurisdictional location by the RADIUS 

server, the user is prompted to insert the gaming card into the card 
j£ reader. At this point, if ANI is missing from the data string, the call 

will be rejected. Upon insertion of the Smart Card, a challenge is 

issued from the RADIUS server to the client 
20 4 - At this stage, the user inputs a personal identification number which 

is used to create a response to the server's challenge. 
5. Upon validation of the challenge, the gaming system allows access 

to a desired URL through the client browser. 



In summary, in an Intranet environment for playing games, the system 
allows a user to log in and, at the first stage, the system determines the 
geographic location of the user. Thereafter, the user is authenticated for security 
purposes, and at that time, the user is able to log in to the particular application 
they are seeking to address or access. Once access to the particular application 
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is granted, additional security measures, such as PINS or other security 
techniques may be required in order to complete the log-in process. 

The present invention provides improved systems and methods for 
5 verifying the geographic location of a user, for enabling the processing of a 
transaction requiring user location verification, in a secure, effective and efficient 
manner. 



In accordance with the present invention, the improved systems and 
methods include a system which provides effective and secure authentication of 
the user location, for enabling requested access to the application server for 
transaction processing, and for efficient and effective verification of the presence 
of the user at the location from which the application server access is requested. 

Examples of a preferred form of source code for use in carrying out the 
above described software and firmware steps in conjunction with the hardware as 
described above, is included in the Provisional Patent Application Appendix 
attached to this application and incorporated herein. 

It will be apparent from the foregoing that, while particular forms of the 
invention have been illustrated and described, various modifications can be made 
without departing from the spirit and scope of the invention. Accordingly, it is not 
intended that the invention be limited, except as by the appended claims. 



WHAT IS CLAIMFD IS- 
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1 . A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, the system comprising: 

an access server, for receiving and processing a request for access to the 
application server from a user request enabling means, the server adapted to be 
located remote from the user's location; 

an authenticator for authenticating the location of the user responsive to 
receipt of a processed request from the access server, the authenticator adapted 
to be connected to the access server; and 

means for interconnecting the access server and the authenticator. 

2. The system of claim 1, wherein the authenticator comprises an 
authenticating server. 

3. The system of claim 1 , wherein the authenticator includes means for 
determining the identity of the user. 

4. The system of claim 1, further comprising means for insuring the 
user's presence at the location. 

5. The system of claim 1 , further comprising means for enabling the 
user to request remote access to the application server. 

6. The system of claim 1 , wherein the interconnecting means comprise 
a network. 
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7. The system of claim 2, wherein the authenticating server includes a 
database of authorized locations, for enabling verification of the location of the 
user as an authorized user location. 

8. The system of claim 2, wherein the authenticating server comprises 
a Remote Access Dial-In User Service (RADIUS) server. 

9. The system of claim 3, wherein the user identity determining means 
comprise a challenge and response system. 

1 0. The system of claim 4, wherein the user presence insuring means 
comprise a card for identifying the user, and a reader for reading the user 
identifying card, adapted to be connected to the user access request enabling 
means at the user location. 

1 1 . The system of claim 5, wherein the user request enabling means 
comprise an interface station. 

12. The system of claim 5, wherein the user request enabling means 
comprise a client. 

13. The system of claim 5, wherein the user request enabling means 
include a location identifier. 

14. The system of claim 5, wherein the authenticating means are 
adapted to issue a security challenge to the user request enabling means, and the 
user request enabling means are further adapted to interrogate the security 
challenge, to generate a response, and to transmit the response to the 
authenticator. 

15. The system of claim 5, wherein the user request enabling means 
include an identifier associated with the user's location, and the authenticator 
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comprises means for authenticating the identifier associated with the user's 
location. 

16. The system of claim 5, wherein the user request enabling means 
include a dialer, located at the user's location, and wherein the dialer includes a 
number associated therewith. 

17. The system of claim 5, wherein the user request enabling means 
comprise a plurality of user request enabling means, and the interconnecting 
means comprise a network comprising an intranet which includes at least one 
local area network, adapted to interconnect at least one of the plurality of user 
request enabling means and the access server. 

18. The system of claim 5, wherein the interconnecting means are 
further adapted to interconnect the user request enabling means. 

1 9. The system of claim 6, wherein the network comprises an intranet. 

20. The system of claim 6, wherein the network comprises the Internet. 

21 . The system of claim 8, further comprising means for enabling the 
user to request remote access to the application server, wherein the 
authenticating server is further adapted to issue a security challenge to the user 
request enabling means. 

22. The system of claim 1 5, wherein the locating identifier comprises a 
cookie. 

23. The system of claim 16, wherein the authenticator comprises a 
number identifier for identifying the number associated with the dialer located at 
the user's location. 

24. The system of claim 1 6, wherein a dialing system includes a plurality 
of numbers each associated with one of a plurality of dialers adapted to enable 
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dialing therefrom and each dialer associated with a different user location, and the 
authenticator further comprises means for identifying the first number dialed from 
in the dialing system. 

25. The system of claim 20, wherein the locating identifier comprises a 
dynamic cookie. 

26. The system of claim 21 , wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticating 
means include a database for enabling verification of the response of the user 
request enabling means to the security challenge. 

27. The system of claim 23, wherein the number identifier comprises 
Automatic Number Identification. 

28. The system of claim 24, wherein the first number identifying means 
comprises Dialed Number Identification Services. 

29. The system of claim 26, wherein the authenticator is further adapted 
to verify the response of the user request enabling means to the security 
challenge based on the database in the authenticator, and to authorize access to 
the application server. 

30. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, the system comprising: 

an access server, for receiving and processing a request for access to the 
application server from a user request enabling means, the server adapted to be 
located remote from the user's location; 
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an authenticator for authenticating the location of the user responsive to 
receipt of the processed request from the access server, the authenticator 
adapted to be connected to the access server, the authenticator including a 
Remote Access Dial-In Service (RADIUS) server; 

means for interconnecting the access server and the authenticator; and 

means for enabling the user to request remote access to the application 
server, such means including a dialer, located at the user's location, wherein the 
dialer includes a dialing number associated therewith. 

31 . The system of claim 30, wherein the authenticator includes a number 
identifier for identifying the number associated with the dialer located at the user's 
location. 

32. The system of claim 30, and further comprising a dialing system 
including a plurality of numbers each associated with one of a plurality of dialers 
adapted to enable dialing therefrom and each associated with a different user 
location, and the authenticator comprises means for identifying the first number 
dialed from the dialing system. 

33. The system of claim 31, wherein the number identifier comprises 
Automatic Number Identification. 

34. The system of claim 32 wherein the first number identifying means 
comprises Dialed Number Identification Services. 

35. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized 
location, for enabling processing of a transaction requiring user location 
authentication, wherein the user location includes means for enabling the user to 
request remote access to the application server, comprising: 
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an access server, for receiving a request for access to the application 
server from user request enabling means, adapted to be located remote from the 
user's location; 

an authenticator for authenticating the location of the user, the 
1 0 authenticator adapted to be connected to the access server and further including 
an identifier for determining the identity of the user; 

means for interconnecting the access server and the authenticator; and 

means for enabling the user to request remote access to the application 
server. 

36. The system of claim 35, wherein the user identifier further comprises 
a challenge and response system. 

37. The system of claim 35, wherein the authenticator is adapted to 
issue a security challenge to the user request enabling means, and the user 
request enabling means are further adapted to interrogate the security challenge, 
to generate a response, and to transmit the response to the authenticator. 

38. The system of claim 35, further comprising means for enabling the 
user to request remote access to the application server, wherein the authenticator 
server is further adapted to issue a security challenge to the user request enabling 
means. 

39. The system of claim 38, wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticator 
includes a database for enabling verification of the response of the user request 
enabling means to the security challenge. 

40. The system of claim 39, wherein the authenticating means are 
further adapted to verify the response of the user request enabling means to the 
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security challenge based on the database in the authenticator, and to authorize 
access to the application server. 

41 . A system for enabling remote access to an application server upon 
authentication of a location from which a user has sought access as an authorized 
location for enabling access to the application server and processing of a 
transaction requiring user location authentication, wherein the user location 
includes means for enabling the user to request remote access to the application 
server, comprising: 

an access server, for receiving a request for access to the application 
server from user request enabling means adapted to be located remote from the 
user's location; 

an authenticator for authenticating the location of the user, adapted to be 
connected to the access server; 

means for interconnecting the access server and the authenticator; and 

means for insuring user's presence at the location. 

42. The system of claim 41 , wherein the user presence insuring means 
comprise a card for identifying the user and a reader for reading the user 
identifying card, adapted to be connected to the user access request enabling 
means at the user location. 

43. A system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access thereto as an 
authorized location, for enabling processing of a transaction requiring user 
location authentication, wherein the user location includes means for enabling the 
user to request remote access to the application server, comprising: 
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an access server, for receiving and processing a request for access to the 
application server from user request enabling means, the server adapted to be 
located remote from the user's location; 

an authenticating server for authenticating the location of the user 
responsive to receipt of the processed request from the access server, adapted 
to be connected to the access server; and 

a network for interconnecting the access server and the authenticating 
server. 

44. The system of claim 43, further comprising a client for enabling the 
user to request remote access to the application server. 

45. The system of claim 43, wherein the authenticating server includes 
a database of authorized locations, for enabling verification of the location of the 
user as an authorized user location. 

46. The system of claim 44, wherein the client includes an identifier 
associated with the user's location, and the authenticating server is adapted to 
authenticate the identifier associated with the user's location. 

47. The system of claim 44, wherein the client comprises a plurality of 
clients and the network comprises an intranet which includes a plurality of local 
area networks, each adapted to interconnect at least one of the plurality of clients 
and the access server. 

48. A method of enabling remote access to an application server, upon 
authentication of a location from which a user has sought access thereto as an 
authorized location, for enabling processing of a transaction requiring user 
location authentication, wherein the user location includes means for enabling the 
user to request remote access to the application server, in a system which 
comprises an access server, for receiving and processing a request for access to 
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the application server from user request enabling means, adapted to be located 
remote from the user's location, an authenticator for authenticating the location 
of the user responsive to receipt of the processed request from the access server, 
adapted to be connected to the access server, and means for interconnecting the 
access server and the authenticator, wherein the method comprises: 

requesting an access server to enable a user at a user's location to access 
an application server; 

authenticating the location of the user in the authenticator; and 

determining in the authenticator whether to enable the user to access the 
application server based on the authenticating of the user's location. 

49. The method of claim 48, wherein the authenticator comprises an 
authenticating server, and wherein authenticating further comprises authenticating 
through the authenticating server. 

50. The method of claim 48, wherein the authenticator includes means 
for determining the identity of the user, and wherein authenticating further 
comprises determining the identity of the user through the user identity 
determining means. 

51. The method of claim 48, further comprising insuring the user's 
presence at the location through a user presence insuring means. 

52. The method of claim 48, further comprising enabling the user to 
request remote access to the application server through the user request enabling 
means. 

53. The method of claim 48, further comprising interconnecting the 
access server and the authenticating means through a network. 
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54. The method of claim 49, wherein authenticating comprises 
authenticating through an authorized location database. 

55. The method of claim 49, wherein authenticating further comprises 
authenticating through a RADIUS server. 

56. The method of claim 50, wherein determining further comprises 
challenging the identity of the user and processing the response thereto. 

57. The method of claim 51 , wherein insuring further comprises reading 
a user identifying card which identifies the user, via a card reader, connected to 
the user access request enabling means at the user location. 

58. The method of claim 52, wherein enabling further comprises 
enabling the user request through an interface station. 

59. The method of claim 52, wherein enabling further comprises 
enabling the user request through a client. 

60. The method of claim 52, wherein enabling further comprises 
enabling the user request through the location identifier. 

61. The method of claim 52, further comprising issuing a security 
challenge from the authenticator interrogating a security challenge, generating a 
response to the challenge, and transmitting the response from the user request 
enabling means. 

62. The method of claim 52, wherein authenticating comprises 
authenticating the user's location through a user associated identifier. 

63. The method of claim 52, wherein enabling comprises enabling 
through a dialer having an associated number. 
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64. The method of claim 52, wherein interconnecting comprises 
interconnecting a plurality of user request enabling means through a plurality of 
local area networks. 

65. The method of claim 52, wherein interconnecting further comprises 
interconnecting with a user request enabling means. 

66. The method of claim 53, wherein the network comprises an intranet, 
and wherein interconnecting further comprises interconnecting through the 
intranet. 

67. The method of claim 53, wherein the network comprises the Internet, 
and wherein interconnecting further comprises interconnecting through the 
Internet. 

68. The method of claim 55, wherein authenticating further comprises 
issuing a security challenge to the user request enabling means through an 
authenticating server. 

69. The method of claim 62, wherein authenticating further comprises 
authenticating through a locating identifier cookie. 

70. The method of claim 63, wherein the authenticator comprises means 
for identifying the number associated with the dialer located at the user's location, 
and wherein the step of authenticating further comprises identifying the number 
associated with the dialer. 

71 . The method of claim 63 wherein a dialing system includes a plurality 
of numbers each associated with one of a plurality of dialers adapted to enable 
dialing therefrom and each associated with a different user location, and the 
authenticator comprises means for identifying the first number dialed in the dialing 
system, and wherein the step of authenticating further comprises identifying the 
first number dialed. 
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72. The method of claim 67, wherein the locating identifier comprises a 
dynamic cookie. 

73. The method of claim 68, wherein the user request enabling means 
are adapted to issue a response to the security challenge, and the authenticator 
include a database for enabling verification of the response of the user request 
enabling means to the security challenge, and wherein the step of authenticating 
further comprises verifying the response to the security challenge through the 
verification database. 

74. The method of claim 70, wherein identifying further comprises 
identifying through Automatic Number Identification. 

75. The method of claim 71, wherein the step of identifying further 
comprises identifying through Dialed Number Identification Services. 

76. The method of claim 73, wherein the authenticator is further adapted 
to verify the response of the user request enabling means to the security 
challenge based on the database in the authenticator, and to authorize access to 
the application server, and further comprising the step of authorizing access to an 
application server. 
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ABSTRACT OF THE DISCLOSURE 



A system and method for authentication of the location of a user requesting 
remote access to an application server for processing a transaction requiring user 
location authentication. The system includes a client for enabling the user to 
request remote access to the application server, an access server for receiving 
and processing the request for access, an authenticating server for authenticating 
the user location responsive to receipt of the processed request from the access 
server, and a network for interconnecting the client, the access server, the 
authenticating server, and the application server. The client includes an identifier 
associated with the user's location, and the authenticating server is adapted to 
authenticate the client location identifier. The client may include a dialer, including 
a number associated therewith, and the authenticating server may be adapted to 
identify the number associated with the dialer to authenticate the user's location, 
and may further be adapted to identify the first number dialed to further 
authenticate the user location. The authenticating server may issue a security 
challenge to the client, and the client may interrogate the security challenge, 
generate a response, and transmit the response to the authenticating server. 
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claims priority under 35 U.S.C. 1 19(a)-(d) if a copy of the foreign application that satisfies the certified copy requirement of 
37 CFR 1.55 has been filed in the above-identified patent application; and 3) any U.S. application-as-filed from which benefit is 
sought in the above-identified patent application. 

In accordance with 37 CFR 1 .14(c), access may be provided to information concerning the date of filing the Authorization to 
Permit Access to Application by Participating Offices. 
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This flection of information is required by 35 U.S.C. 1 15 and 37 CFR 1 .63. The information is required to obtain or retain a benefit by the public which is to file (and 
by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.11 and 1.14. This collection is estimated to take 21 minutes to 
complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any 
comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U S 
Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO 
THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria VA 22313-1450 



the foi 



. call 1 -800-PTO-91 99 and select option 2. 



Under the Paperwork Reduction Ac 
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10 persons are required to respond t 
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J.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE 
a collection of information unless it contains a valid OMB control number. 



DECLARATION — Utility or Design Patent Application 



1 



Direct all ^ e address 

correspondence to: IS associated with 

Customer Number: 


66880 


OR | — | Correspondence 
LJ address below 


Name 


Address 


City 


State 


Zip 


Country 


Telephone 


Email 



WARNING: 

Petitioner/applicant is cautioned to avoid submitting personal information in documents filed in a patent application that may 
contribute to identity theft. Personal information such as social security numbers, bank account numbers, or credit card numbers 
(other than a check or credit card authorization form PTO-2038 submitted for payment purposes) is never required by the 
USPTO to support a petition or an application. If this type of personal information is included in documents submitted to the 
USPTO, petitioners/applicants should consider redacting such personal information from the documents before submitting them 
to the USPTO. Petitioner/applicant is advised that the record of a patent application is available to the public after publication of 
the application (unless a non-publication request in compliance with 37 CFR 1.213(a) is made in the application) or issuance of 
a patent. Furthermore, the record from an abandoned application may also be available to the public if the application is 
referenced in a published application or an issued patent (see 37 CFR 1.14). Checks and credit card authorization forms 
PTO-2038 submitted for payment purposes are not retained in the application file and therefore are not publicly available. 
Petitioner/applicant is advised that documents which form the record of a patent application (such as the PTO/SB/01) are placed 
into the Privacy Act system of records DEPARTMENT OF COMMERCE, COMMERCE-PAT-7, System name: Patent Application 
Files. Documents not retained in an application file (such as the PTO-2038) are placed into the Privacy Act system of 
COMMERCE/PAT-TM-1 0, System name: Deposit Accounts and Electronic Funds Transfer Profiles. 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and 
belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and 
the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that such willful false statements 
may jeopardize the validity of the application or any patent issued thereon. 



NAME OF SOLE OR FIRST INVENTOR: 

Given Name (first and middle [if any]) 
Anthony L. 



[ I A petition has been filed for this unsigned inventor 



Family Name or Surname 
Fontaine 



Inventor's Signature 



Residence: City 
Henderson 



Country 
US 



Mailing Address 

1339 Echo Creek Street 



City 

Henderson 



Additional inventors or a legal representative are being n< 



sheet(s) PTO/SB/02A or 02LR at 
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Under the Paperwork Reduction Act of 1995. no persons are re 



DECLARATION 
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Approved for use through 07/31/2006. OMB 0651-0032 
.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE 
Idjoa collection of information unless it contains a valid OMB control number. 



ADDITIONAL INVENTOR(S) 
Supplemental Sheet 
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Name of Additional Inventor, if any 



□ A petition has been filed for this unsigned inventor 



ie (first and middle [if anvl) 



Hyon (John) Chun 



Family Name or Surname 



Residence: City 



Mailing Address 



5019Hillswick Drive 



Mailing Address 



City Sugar Land 



Name of Additional Inventor, if any 



□ A petition has been filed for this unsigned inventor 



Given Name (first and middle [if anvl) 



Family Name or Surname 



Residence: City 



Mailing Address 



301 Royal Oaks Blvd., #3406 



Mailing Address 



Name of Additional Inventor, if any 



□ A petition has been filed for this unsigned inventor 



Given Name (first and middle fif anvl) 



Family Name or Surname 



Residence: City 
Mailing Address 



Mailing Address 



City 



I Zi P 



I Country 



flection of information is required by 35 U.S.C. 1 15 and 37 CFR 1.63. The information is required to obtain or retain a benefit by the public which 
is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to 
take 21 minutes to complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending 
upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should 
?! C n en AA°^-r R, h 'f ' nfo J7" ation ° fficer ' U S ' Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313- 
VA22313-1450 COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, 



If you need assistance in completing the form, call 1-800-PTO-9199 (1-800-786-9199) and select option 2. 



ASSIGNMENT 



Attorney Docket No. 83336.0559 



This Assignment is made by HYON C. IM of Addison, IL, and WESLEY A. PARK of Aurora, IL, 
Assignors, to BALLY GAMING, INC., a Nevada Corporation, Assignee, having a place of business at 6601 
South Bermuda Road, Las Vegas, NV 89119-7990; 

WHEREAS, Assignors have invented a new and useful REMOTE ACCESS VERIFICATION 
ENVIRONMENT SYSTEM AND METHOD and Assignors believe themselves to be the original first inventors 
of the mvention(s) disclosed and claimed in U.S. Application Numbers 60/145,068, 09/612,476, 09/854,438, and 
10/033,716; and 

WHEREAS, Assignee desires to acquire by formal, recordable assignment the entire right, title and 
interest in and to said invention, said Application, any Letters Patent, and all other related and associated 
intellectual property that may be granted for said inventions) in the United States and throughout the world; 

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are 
hereby acknowledged, Assignors have sold, assigned, transferred and set over, and by these presents hereby sell, 
assign, transfer and set over to Assignee all of Assignors' right, title and interest in, to and under said invention(s) 
said Application, and all other related and associated intellectual property (including, but not limited to 
copyrights, trademarks, know-how and trade secrets), including (a) the right to apply for patents in the United 
States of America and in all foreign countries for said inventions), (b) all application for patents for said 
inventions) or based on said Application in all countries, now filed or to be filed, including all non-provisional, 
divisional, renewal, substitute, continuation, continuation-in-part and convention applications based in whole or in 
part upon said inventions) or upon said Application, (c) all patents which may issue on said invention(s) and on 
any application transferred by this Assignment in the United States and foreign countries, and any and all reissues, 
reexams, extensions, divisions, renewals, substitutes, continuations or continuations-in-part of patents granted for 
said invention(s) or upon such Application, for the full term or terms for which the patents may be issued, and (d) 
every priority right that is or may be predicated upon or arise from said invention(s), said Application and such 
patents under any applicable international or bilateral treaty, agreement or convention. Assignors hereby 
authorize Assignee to file a patent Application or any other application in all countries for any or all of said 
invention(s) in Assignors' name, or in Assignee's name or otherwise as Assignee may deem advisable, under any 
international or bilateral treaty, agreement or convention, or otherwise. 

Further, Assignors agree that, upon request and without further compensation, but at no expense to 
Assignors, they and their legal representative(s) and assigns will do all lawful acts, including the execution of 
papers and the giving of testimony, that may be necessary or desirable for obtaining, sustaining, reissuing or 
enforcing a Letters Patent or other intellectual property rights in the United States and throughout the world for 
said invention, and for perfecting, recording or maintaining the title of Assignee, its successors and assigns, to 
said invention, said Application, any Letters Patent granted for said invention, or any other intellectual property 
rights in the United States and throughout the world. 

Assignors represent and warrant that they have not granted and will not grant to others any rights 
inconsistent with the rights granted herein. 

IN WITNESS WHEREOF, Assignors have executed this Assignment on the dates written hereinbelow. 
Dated: 

HYONC. IM 

Dated: 

WESLEY A. PARK 
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EXHIBIT B 



■ Complete items , and 3. Also complete 
item 4 if Restricted Delivery is desired. 

■ Print your name and address on the reverse 
so that we can return the card to you. 

■ Attach this card to the back of the mailpiece, 
or on the front if space permits. 


v / - / □ Agent 
X -,-y - V ,v-~-) □ Addressee 


B. Received by ( Printed Name) C. Data of Delivery 


1. Article Addressed to: 


D. Is delivery address different from Item 1? p Yes 
If YES, enter delivery address below: □ No 


Grosrtified Mail DExpress Mail 

□ Registered eftetum Receipt for Merchandise 

□ Insured Mail □ C.O.D. 


4. Restricted Delivery? (Extra Fee) □ Y os 


2 ' 7™TZ7se„,c el3bel) 7DD6 3E3D ODOQ flbm_D271 


PS Form 381 1 , February 2004 Domestic Return Receipt 102595-02-M-1540 



EXHIBIT C 



DER: COMPLETE THIS SECTION 



■ Complete items 1 , 2, and 3. Also complete 
item 4 if Restricted Delivery is desired. 

■ Print your name and address on the reverse 
so that we can return the card to you. 

■ Attach this card to the back of the mailpiece, 
or on the front if space permits. 



I. Article Addressed t( 



Mr LtfesU ^ P arlc 

3ol Rvucd Oaks givd. 




> deliver* re iiffe t from item 1 
If YES, enter delivery address below: UNo 



3. Service Type 
□'Certified Mail 
□ l 




©"Return Receipt for Merchandise 
□ C.O.D. 



Delivery? (Extra Fee) 



; PS Form 381 1 , February 2004 



7006 3E3D DDDD fifam DSflfl 



Domestic Return Receipt 



